Android app able to steal credit card information via NFC

Contactless-card app

Thomas Skora, a German security researcher, managed to get an app into Google Play that could read contactless credit card data. The app, whose goal was to test the security flaw, has already been removed. Skora’s app was able to get details from German PayPass Mastercard and GeldKarte cards.

The app was able to read the card number, issue and expiry dates, and bank code, though Google quickly removed it from the Play Store once news about it spread.

According to Skora, changing the app to get data from other banks and cards is very easy, which should really get us thinking about how secure the environment is. The app doesn’t require anything other than an NFC-equipped smartphone.

The security researcher has also released the app’s source code, so that everyone can see the vulnerabilities. While that’s not a very good idea, considering that not only those with good intentions will get their hands on the code, it should make it easier for the Smart Card Alliance to fix this vulnerability.

The Smart Card Alliance’s website states that the payment system is able to mitigate fraudulent transactions, though no fraud attempt has been encountered yet.

Hopefully we will get better news soon, as this technology is becoming a trend, especially because it’s embedded in most of today’s smartphones.

This post has been updated in order to correct some misunderstandings. Thanks to those who sent the clarifications. I’m very sorry for the mistake.

  • http://jjjdaadee.myopenid.com/ jMadje

    This is not a new exploit on contactless cards; it has been widely known for about 5 years. It would take anyone with a knowledge about 1/2 hours to write the code, on anything that is capable of “NFC”.